VIP Bug?
monolithelectronics last edited by
I have an interesting problem with my SSG5 OS 6.3.0r4.0.
set service "Tecom_TCP/UDP" protocol tcp src-port 0-65535 dst-port 3001-3001
set service "Tecom_TCP/UDP" + udp src-port 0-65535 dst-port 3001-3001
set interface "ethernet0/0" zone "Untrust"
set interface ethernet0/0 ip 10.0.0.1/24
set interface ethernet0/0 route
set interface bgroup0 ip 192.168.32.1/24
set interface bgroup0 route
set interface ethernet0/0 ip manageable
set interface bgroup0 ip manageable
set interface ethernet0/0 manage ping
set interface ethernet0/0 manage telnet
set interface ethernet0/0 manage web
set interface ethernet0/0 vip interface-ip 3001 "Tecom_TCP/UDP" 192.168.32.184
set interface ethernet0/0 dip 4 10.0.0.10 10.0.0.20 fix-port
set policy id 90 from "Untrust" to "Trust" "Any" "VIP(ethernet0/0)" "Tecom_TCP/UDP" permit log
set policy id 90
set policy id 87 name "Tecom_TCP/UDP" from "Trust" to "Untrust" "Any" "Any" "Tecom_TCP/UDP" nat src permit log
set policy id 87
set log session-init
What is happening:
On TCP everything works like a charm, both ways I can get in and out; however, on the UDP side it does not. I can only get out on UDP.
If I swap TCP with UDP in places
set service "Tecom_TCP/UDP" protocol udp src-port 0-65535 dst-port 3001-3001
set service "Tecom_TCP/UDP" + tcp src-port 0-65535 dst-port 3001-3001
then UDP starts working and TCP stops.
Any ideas why? This is the last rule in VIP; I have other rules there which work both ways.
Please let me know if I have missed something in my config.
Thank you for all help in advance.
PascalG last edited by
set vip multi-port
VIP basically does not support service definitions with multiple ports/protocols
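An added example, not part of the thread and not Juniper tooling: a small Python check that reads a saved ScreenOS configuration and lists every VIP mapping whose service has more than one protocol/port entry (the case described in the reply above), together with whether `set vip multi-port` is present. The function names and the `Web_Only` sample lines are assumptions made for illustration.

```python
import shlex

# Constructed sample, reduced from the configuration posted in the thread;
# the "Web_Only" service and its VIP line are made up for contrast.
SAMPLE_CONFIG = """\
set service "Tecom_TCP/UDP" protocol tcp src-port 0-65535 dst-port 3001-3001
set service "Tecom_TCP/UDP" + udp src-port 0-65535 dst-port 3001-3001
set service "Web_Only" protocol tcp src-port 0-65535 dst-port 8080-8080
set interface ethernet0/0 vip interface-ip 3001 "Tecom_TCP/UDP" 192.168.32.184
set interface ethernet0/0 vip interface-ip 8080 "Web_Only" 192.168.32.10
"""

def tokens(line):
    # Forum software often turns straight quotes into curly ones; normalise first.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    try:
        return shlex.split(line)
    except ValueError:  # unbalanced quote: skip the line
        return []

def parse(config):
    """Collect service entries, VIP mappings and the multi-port flag."""
    services, vips, multi_port = {}, [], False
    for raw in config.splitlines():
        t = tokens(raw)
        if t[:2] == ["set", "service"] and len(t) >= 5 and t[3] in ("protocol", "+"):
            # "protocol tcp ..." starts a service, "+ udp ..." appends an entry
            services.setdefault(t[2], []).append(t[4])
        elif t[:2] == ["set", "interface"] and "vip" in t[3:]:
            i = t.index("vip", 3)
            if len(t) >= i + 5:  # vip <address> <port> <service> <host>
                vips.append({"interface": t[2], "port": t[i + 2],
                             "service": t[i + 3], "host": t[i + 4]})
        elif t == ["set", "vip", "multi-port"]:
            multi_port = True
    return services, vips, multi_port

def find_multi_entry_vips(config):
    """Return VIP mappings whose service has more than one protocol/port entry."""
    services, vips, multi_port = parse(config)
    return [dict(v, entries=services[v["service"]], multi_port_enabled=multi_port)
            for v in vips if len(services.get(v["service"], [])) > 1]

if __name__ == "__main__":
    for f in find_multi_entry_vips(SAMPLE_CONFIG):
        print(f)
```
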